logo

Iran-Linked Hackers Use New Cavern C2 Framework to Target Israeli Organizations

ID: 2ff2f1b8-4403-5e34-8ae9-b5b65161baf6

STIX ID: report--2ff2f1b8-4403-5e34-8ae9-b5b65161baf6

Feed Name: The Hacker News

Threat Score
88/100

Date Published: 2026-07-06

Date Updated: 2026-07-07

Author: [email protected] (The Hacker News)

...
...

An Iranian MOIS-linked APT cluster called Cavern Manticore is using a newly documented modular command-and-control framework (Cavern/Cav3rn) to target Israeli organizations and IT providers via a SysAid DLL side-loading supply-chain compromise; the framework uses mixed .NET compilation formats, loads modular post-exploitation DLLs (mhm.dll, db.dll, ode.dll, n-ten.dll, n-sws.dll), and has been observed performing reconnaissance, credential access, tunneling, lateral movement, and data exfiltration.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.